Everything not explicitly permitted is forbidden has which of the following kinds of tradeoff?
Which of the following antispam filtering techniques would BEST prevent a valid, variable- length e-mail
message containing a heavily weighted spam keyword from being labeled as spam?
While evaluating logical access control the IS auditor should follow all of the steps mentioned below EXCEPT one?
1. Obtain general understanding of security risk facing information processing, through a review of relevant documentation, inquiry and observation,etc
2. Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness
3. Test Control over access paths to determine whether they are functioning and effective by applying appropriate audit technique
4. Evaluate the access control environment to determine if the control objective are achieved by analyzing test result and other audit evidence
5. Evaluate the security environment to assess its adequacy by reviewing written policies, observing practices and procedures, and comparing them with appropriate security standard or practice and procedures used by other organization.
6. Evaluate and deploy technical controls to mitigate all identified risks during audit.
An IS auditor finds multiple situations where the help desk resolved security incidents without notifying IT
security as required by policy. Which of the following is the BEST audit recommendation?
During business process reengineering (BPR) of a bank's teller activities, an IS auditor should evaluate:
